Resources for the Check Point Community, by the Check Point Community.

Replace Dynamic ID with external OTP

I have a ClusterXL R80.10 with Mobile Access and Dynamic ID enabled. The users use simple Check Point passwords, but I want to migrate them to RADIUS.
That is not a problem; authentication with RADIUS works very well.
I don't know how to replace Dynamic ID with an external OTP. I want a first authentication step with RADIUS (user and password) and a second step with an OTP verified on an external system (for example Google Authenticator), not generated by Check Point and sent to an SMS gateway.
I can only do single-step authentication: user and password+OTP.
With password+OTP I can't enable MS-CHAPv2, but I must use PAP (insecure).